Privacy Policy
Last Updated: 30 November 2025
The Zen Master Group (“we,” “our,” or “us”) is committed to protecting your privacy and security. This Privacy Policy explains how we collect, use, and protect your personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Data (Use and Access) Act 2025.
1. Who We Are (Data Controller)
The Zen Master Group is the “Data Controller” for the personal information we process.
Registered Address: Spaces, The Charter Building, Uxbridge, London, UB8 1JG
Data Privacy Contact: Alok Shinde
Email: Info@zenmasters.group
2. The Data We Collect
As an employment and staffing agency, we collect data necessary to find you work and pay you. This includes:
- Identity Data: Name, date of birth, gender, and photograph.
- Contact Data: Email address, telephone numbers, and residential address.
- Compliance & Right to Work Data: Passport/Visa copies, Home Office share codes (ECS), and National Insurance numbers.
- Employment Data: CVs, work history, references, and education details.
- Financial Data: Bank account details and tax codes for payroll purposes.
- Technical Data: IP addresses and login data when you use our candidate portal.
Special Category Data (Sensitive Information)
We may also collect sensitive data where legally required for your role (e.g., Security or Hospitality):
- Health Data: To assess fitness for work or disability adjustments.
- Criminal Records: DBS checks for security/steward roles (processed under specific authorisation in UK law).
- Biometric Data: If you use fingerprint/facial recognition time-and-attendance systems at client sites.
3. How We Collect Your Data
We collect data via:
- Direct interactions: Application forms, emails, and interviews.
- Third Parties: Job boards (e.g., Indeed, Reed), LinkedIn, or background check providers.
- Automated Technologies: Cookies on our website (see Cookie Policy).
4. How We Use Your Data & Lawful Basis
We will only use your data when the law allows us to. Most commonly, we use it for:
| Purpose | Lawful Basis |
| To register you as a candidate | Performance of Contract |
| To place you with clients | Legitimate Interests (Finding you work) |
| To pay you (Payroll) | Performance of Contract / Legal Obligation |
| Right to Work / DBS Checks | Legal Obligation |
| Health / Safety Assessments | Employment Law Obligations (Art 9 UK GDPR) |
5. Automated Decision Making & Profiling
New requirement under the Data (Use and Access) Act 2025.
We do not use solely automated AI tools to filter CVs.
We do not base decisions about your employment solely on automated processing. All recruitment decisions involve human review by our hiring team.
6. Data Sharing
We may share your data with:
- Clients: To propose you for shifts (e.g., event organisers, hotels).
- Payroll / Accountants: To ensure you get paid.
- Government Bodies: HMRC, Home Office (for immigration checks), and SIA (for security licensing).
- Software Providers: We use trusted third-party cloud systems (e.g., CrewPlanner, Ubeya, Humanforce for rostering) that meet strict security standards.
7. International Transfers
If we transfer your data outside the UK (e.g., if our software servers are in Europe), we ensure it is protected by standard contractual clauses approved by the UK Government.
8. Data Retention
We retain your data only as long as necessary:
- Unsuccessful Candidates: 12 months (to offer future roles).
- Employees/Workers: 6 years after employment ends (for tax/legal reasons).
- DBS Certificates: Disposed of securely immediately after verification (unless specific industry rules apply).
9. Your Rights
Under the UK GDPR and the Data (Use and Access) Act 2025, you have the right to:
- Access: Request a copy of your personal data (Subject Access Request). Note: We may “stop the clock” on the 30-day limit if we need to clarify your request.
- Correction: Ask us to fix wrong data.
- Erasure: Ask us to delete data (where we don’t need it for legal reasons like tax).
- Object: To marketing or processing based on “legitimate interests.”
10. Complaints Procedure
New requirement 2025.
If you have a concern about how we handle your data, the law now requires you to raise it with us first so we can resolve it.
- Contact us: Email Info@zenmasters.group with the subject “Data Complaint.”
- Our Response: We will acknowledge within 5 working days and investigate.
- Regulator: If you remain unhappy after our final response, you have the right to complain to the Information Commission (formerly ICO).
Approved By:
Alok Shinde
Director, The Zen Master Group
Date: 30/11/2025